Thanks alot, while preparing for architect certification your videos do help alot. Even the demos in each video makes easy to digest the concept. Thanks again.
Great video. Clearest example of peering that I've seen so far. Quite precise and pacing is good without too much fluff. Wish we could have seen an example of the creation of the peering using cloudshell as well - since you already did that nicely for the first part.
Does GCP allow transitive peering - for e.g. if Project A is peered with Project B, Project B is peered with Project C; then does it mean that Project A is automatically peered with Project C?
Nope it doesn't allow. VPCs have to be peered directly to each other to allow communication between them. To further filter on what subnets to allow to peer within vpc, you have to use firewall rules as by default all subnets within a vpc are peered once peering is set up, so to further filtering subnets within peered networks use firewall.
Both the author and Vikas are correct. One solution would be to open an ssh tunnel either from A or from B that provides A API access to C. for instance - if you do from project A: ssh -L 3306:project-C-vm:3306 user@project-B-vm -N - then you'd create the tunnel. and, if you want the tunnel to be self-healing, then autossh can be used. It is a hack - but seemingly reliable and simple.
Please try to cover advanced deep dive concept ex exchange custom routes, use cases where a lot of manual configuration can be avoided by using google managed private service connect service. I'm assuming you have extensive hard-core experience, i would come back to you for case base demos which are not even covered by qwiklabs :) Thank you JK !, i really appreciate you devoting time to enlighten us with your experience.
You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premise systems remain reachable during this period. How should you organize your networking in Google Cloud? A. Use the same IP range on Google Cloud as you use on-premises B. Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises C. Use an IP range on Google Cloud that does not overlap with the range you use on-premises D. Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises I'm confused between options C and D. Could you please help me choose the correct one with an explanation?
I think the main thing may be that VPC Peering can connect VPCs between different Organizations. Whereas VPC Sharing must stay within 1 organization. However, I'm sure there are other differences.
I am a business student don't have any prior knowledge in coding and I started using Google cloud shell while learning in qwiklabs gradually when I am about to finish the course I don't know how to write the command lines in cloud shell so can you please suggest me how to write command lines in cloud shell
What commands are you talking about ? gcloud commands or linux commands? gcloud commands are well documented for each service or you can learn how to do that by typing Eg:- gcloud app help for each service.
@Cloud Advocate suppose we want to go from our local machine to a server that acts as bastian host and then from bastian host we need to go to an instance(on different vpc) and then from that instance we need to access all other instances in one different vpc. So i need to ask you if its possible to use same private-public key pair to access all these using ssh forwarding or not. Or do i need to supply different key pairs.
Hi, @@CloudAdvocate . The bastian host is also a google cloud vm and only accepts connection from my ip address. And then there is another vm on different vpc (let's assume jenkins server ) that accepts connection only from bastian host. Now this jenkins server should be able to ssh into all other instances (one or greater than one) that are on different vpc. So there are total three vpc's involved. I don't want to store the private key on cloud (on any server) for security reasons. So how can i reach jenkins server's terminal and then ssh into any instance i want for further development.
@@CloudAdvocate thanks for your reply . Greatly appreciated. Can you share some resource/link regarding this. I've been trying to do this from long time but without success or you can just tell what do you mean by "baked in as a part of AMI". Where we will store the private key of jenkins in this case ?
Yeah, you can put public key of Jenkins server in authorized keys of a gce instance..create a custom ami and let teams use that ami only. So going forward Jenkins will have access to all the instances coz the public key of Jenkins is present in all gce instances.
hi sir i have one doubt since both the project are in different networks we should connect over external ip ryt..only for within same network we use internal ip ..can u pls explain if i am wrng..somewhere i learnt in same way so
Hi sir.. i am newly learning gcp nd want to learn all concepts in order.. which videos of ur to follow in order to understand the comcepts nd clear ace external exam can u pls guideee
Could you share your email id please ? I have a specific requirement say, we have two projects and a third project as host where vpc network is created and it is shared with first two projects. In this scenario how the vpc peering looks like?? Happy to discuss more on call or email please
Thank you for the cleanest/clearest explanation. Keep up the good work!
Such a nice example and it is very simple and understand clearly abou VPC network peering. Very help full . Thank you GK.
Thanks alot, while preparing for architect certification your videos do help alot. Even the demos in each video makes easy to digest the concept. Thanks again.
The best video i have seen for all the concepts explained.
wow great explaination, keep the good work going
Thank you so MUCH! You are such a good teacher my friend!
Great video. Clearest example of peering that I've seen so far. Quite precise and pacing is good without too much fluff. Wish we could have seen an example of the creation of the peering using cloudshell as well - since you already did that nicely for the first part.
Thank you Carlos.
Does GCP allow transitive peering - for e.g. if Project A is peered with Project B, Project B is peered with Project C; then does it mean that Project A is automatically peered with Project C?
No it doesn't.
Nope it doesn't allow. VPCs have to be peered directly to each other to allow communication between them. To further filter on what subnets to allow to peer within vpc, you have to use firewall rules as by default all subnets within a vpc are peered once peering is set up, so to further filtering subnets within peered networks use firewall.
Both the author and Vikas are correct. One solution would be to open an ssh tunnel either from A or from B that provides A API access to C. for instance - if you do from project A: ssh -L 3306:project-C-vm:3306 user@project-B-vm -N - then you'd create the tunnel. and, if you want the tunnel to be self-healing, then autossh can be used. It is a hack - but seemingly reliable and simple.
Please try to cover advanced deep dive concept ex exchange custom routes, use cases where a lot of manual configuration can be avoided by using google managed private service connect service. I'm assuming you have extensive hard-core experience, i would come back to you for case base demos which are not even covered by qwiklabs :) Thank you JK !, i really appreciate you devoting time to enlighten us with your experience.
Good one..
You talked in video that in ACE, we don't except questions from this topic.. Could you pls make a video on important topics for ACE ...
2:00
for low latency application, it is much better to use vpc peered communication
Thanks for this video, requesting you to please zoom your content a bit more for better visualisation.
Sure, noted.
Thanks mate, it helped a lot
You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premise systems remain reachable during this period. How should you organize your networking in Google Cloud?
A. Use the same IP range on Google Cloud as you use on-premises
B. Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises
C. Use an IP range on Google Cloud that does not overlap with the range you use on-premises
D. Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises
I'm confused between options C and D. Could you please help me choose the correct one with an explanation?
VPC peering doesnt mandate both VPCs to be under same organization or same project.
Thanks for the content. What is the difference between a Shared VPC and VPC peering?
I think the main thing may be that VPC Peering can connect VPCs between different Organizations. Whereas VPC Sharing must stay within 1 organization. However, I'm sure there are other differences.
I am a business student don't have any prior knowledge in coding and I started using Google cloud shell while learning in qwiklabs gradually when I am about to finish the course I don't know how to write the command lines in cloud shell so can you please suggest me how to write command lines in cloud shell
What commands are you talking about ? gcloud commands or linux commands? gcloud commands are well documented for each service or you can learn how to do that by typing Eg:- gcloud app help for each service.
@Cloud Advocate suppose we want to go from our local machine to a server that acts as bastian host and then from bastian host we need to go to an instance(on different vpc) and then from that instance we need to access all other instances in one different vpc. So i need to ask you if its possible to use same private-public key pair to access all these using ssh forwarding or not. Or do i need to supply different key pairs.
Hi Pradeep, bastian host is going to be onprem or in cloud?
Local -> Bastian -> gcevm -> allgce is this right?
Hi, @@CloudAdvocate . The bastian host is also a google cloud vm and only accepts connection from my ip address. And then there is another vm on different vpc (let's assume jenkins server ) that accepts connection only from bastian host. Now this jenkins server should be able to ssh into all other instances (one or greater than one) that are on different vpc. So there are total three vpc's involved. I don't want to store the private key on cloud (on any server) for security reasons. So how can i reach jenkins server's terminal and then ssh into any instance i want for further development.
Then you have to put public key of Jenkins server in all VM's. Should be baked in as part of AMI. That way Jenkins can talk to all VM's.
@@CloudAdvocate thanks for your reply . Greatly appreciated. Can you share some resource/link regarding this. I've been trying to do this from long time but without success or you can just tell what do you mean by "baked in as a part of AMI". Where we will store the private key of jenkins in this case ?
Yeah, you can put public key of Jenkins server in authorized keys of a gce instance..create a custom ami and let teams use that ami only. So going forward Jenkins will have access to all the instances coz the public key of Jenkins is present in all gce instances.
Very Nice Explained...
Thank you so much 🙂
hi sir i have one doubt since both the project are in different networks we should connect over external ip ryt..only for within same network we use internal ip ..can u pls explain if i am wrng..somewhere i learnt in same way so
Yes but when you peer them together you communicate via private ip
@@CloudAdvocatethank u for reply..but will private ip work even outside network or org?
@@ushasree9388 no only if there is vpn or direct connect.
Can you please explain about direct connect
will do.
👍great
Hi sir.. i am newly learning gcp nd want to learn all concepts in order.. which videos of ur to follow in order to understand the comcepts nd clear ace external exam can u pls guideee
Hello, Please follow my learn gcp playlist on the channel.
Thanks!
Do a video on restapi. As a cloud engineer do we need know to use the rest api. Why it is used. Please anyone answer my question.
To an extent yes, how to consume the rest api's.
@@CloudAdvocate can you please elaborate clearly. I didn't get you.
You should know how to hit the rest api's of cloud and get the response..minimum
Can you please explain about shared VPC
Sure will do.
@@CloudAdvocate which location you are working from?
New Jersey
Could you share your email id please ?
I have a specific requirement say, we have two projects and a third project as host where vpc network is created and it is shared with first two projects. In this scenario how the vpc peering looks like?? Happy to discuss more on call or email please